Secure communication between applications on untrusted platforms

摘要

Disclosed are various embodiments for facilitating secure communication between applications on an untrusted computing platform. It is verified that a first application installed in a computing device has permission to communicate with a second application also installed in the computing device based at least in part on a secure key associated with the first application. The verification may include determining that the secure key has been signed by a predetermined certificate and determining that the secure key includes a platform-specific, tamper-proof identifier of the first application. Alternatively, the verification may include determining that the first application is signed by a predetermined certificate. Communication between the first and second applications is facilitated when the first application has permission to communicate with the second application.

主权项

1. A non-transitory computer-readable medium embodying a service executable in a computing device, comprising:
code that, in response to receiving a request to authenticate a first application installed in the computing device, determines whether the first application is a first-party application or a third-party application; code that, when the first application is a first-party application, determines that the first application is authenticated in response to determining that the first application was signed by a predetermined certificate; and code that, when the first application is a third-party application, determines that the first application is authenticated in response to determining that:
the first application is associated with a secure key that was signed by the predetermined certificate; andthe secure key includes an identifier of another certificate used to sign the first application, the other certificate differing from the predetermined certificate.